Web Application Vulnerability Scanning Services

your agency with a method to help identify web application vulnerabilities and secure your web applications while maintaining compliance with Commonwealth of Virginia information security standards. The service is able to identify over 600 web application vulnerabilities including the OWASP Top 10, configuration errors and many others. This service is intended to provide guidance for agencies with limited or advanced web application security expertise in-house.

Web Application Vulnerability Scan and Reporting

The service includes an automated web application vulnerability scan, with manual crawl if required, a manual review of findings and a default report. The URL is then added to a scheduler for automated quarterly scanning and reporting. This enables your agency to identify vulnerabilities and focus remediation efforts, gauging the results and identifying new findings every 90 days from the reports. The commonwealth security and risk management (CSRM) web application vulnerability team will assist with interpreting scan results. Your agency is responsible for verifying and remediating the vulnerabilities that are identified. The service, including the initial and quarterly scans and reports, is provided to all executive branch agencies and non-exempt institutions of higher education at no direct charge.

Additional scans and reporting may be requested.

Cost:

Executive branch agencies and non-exempt institutions of higher education may request scans of non-production applications for $250/scan. In addition, judicial and legislative branch agencies and localities may request scans for $250/scan.

Additional vulnerability remediation resources are available through the contract labor agreements (rate is $125/hour).

The CSRM web application and vulnerability testing team is continually monitoring the internet for new vulnerabilities. The team has significant cybersecurity experience and extensive training in securing web applications and IT infrastructure. This diverse knowledge base provides CSRM with the background needed to evaluate your agency's system for security vulnerabilities and to provide guidance on remediation. By addressing security vulnerabilities before an incident occurs, we can lessen the risk of compromise and costly post-event remediation.

How to Order

Additional scans for non-production applications (executive branch agencies and non-exempt institutions of higher education) – standard work request form found in the Service Catalog Form Library

Consulting services – custom work request form RD1-002; note "consulting services" and other requirements in the field "General description of customer's business needs" – found in the Service Catalog Form Library

Please contact your customer account manager (CAM) or the service lead for additional information.
